FDIC Home - Federal Deposit Insurance Corporation
FDIC - 75 years
FDIC Home - Federal Deposit Insurance Corporation

 
Skip Site Summary Navigation   Home     Deposit Insurance     Consumer Protection     Industry Analysis     Regulations & Examinations     Asset Sales     News & Events     About FDIC  


Home > News & Events > Financial Institution Letters



Financial Institution Letters

Computer Virus Protection

FIL-62-2004
June 7, 2004


TO: CHIEF EXECUTIVE OFFICER (also of interest to Chief Information Officer)
SUBJECT: Guidance on Developing an Effective Computer Virus Protection Program
Summary: The FDIC is issuing guidance to financial institutions about the importance of maintaining an effective computer virus protection program. The guidance provides information on the risks associated with computer viruses and how these risks can be mitigated.

The Federal Deposit Insurance Corporation (FDIC) has prepared the attached guidance to assist financial institutions in developing an effective computer virus protection program in order to mitigate the risks associated with computer viruses and other types of malicious software codes. Financial institutions rely on the Internet to conduct business transactions and to communicate with customers, vendors and other business partners. Commonly used electronic mail applications are susceptible to computer viruses that may be embedded in e-mails and e-mail file attachments. Therefore, it is important that management understand the risks of computer viruses and take appropriate action to protect computer systems.

Customer information security guidelines require periodic risk assessments and status reports be provided to the Board of Directors. The effectiveness of the institution’s computer virus protection program should be addressed in these periodic assessments and reports. Any control weaknesses should be identified and addressed during the normal course of business.

This guidance is designed to complement the FFIEC Information Security IT Examination Handbook, issued December 2002, and to supplement Financial Institution Letter 68-99, “Risk Assessment Tools and Practices for Information System Security.”

For more information about computer virus protection programs, please contact your FDIC Division of Supervision and Consumer Protection Regional Office or Kathryn M. Weatherby, Examination Specialist, at (202) 898-6793.

For your reference, FDIC Financial Institution Letters may be accessed from the FDIC’s Web site at http://www.fdic.gov/news/news/financial/2004/index.html.

Michael J. Zamorski
Director
Division of Supervision and Consumer Protection

# # #

Attachment: Guidance on Developing an Effective Computer Virus Protection Program

Distribution: FDIC-Supervised Banks (Commercial and Savings)

NOTE: Paper copies of FDIC financial institution letters may be obtained through the FDIC’s Public Information Center, 801 17th Street, NW, Room 100, Washington, DC 20434 (1-877-275-3342 or (703) 562-2200).


Last Updated 06/07/2004 communications@fdic.gov

Home    Contact Us    Search    Help    SiteMap    Forms
Freedom of Information Act (FOIA) Service Center    Website Policies    USA.gov
FDIC Office of Inspector General